codetether_agent/server/auth/claims.rs
1use serde::{Deserialize, Serialize};
2
3/// JWT claims extracted from a Bearer token payload.
4///
5/// These claims are attached to the request after authentication succeeds so
6/// downstream handlers can scope behavior such as bus topic access.
7///
8/// # Examples
9///
10/// ```rust
11/// use codetether_agent::server::auth::JwtClaims;
12///
13/// let claims = JwtClaims {
14/// topics: vec!["agent.alpha".into()],
15/// subject: Some("worker-1".into()),
16/// scopes: vec!["bus:read".into()],
17/// };
18///
19/// assert_eq!(claims.subject.as_deref(), Some("worker-1"));
20/// assert_eq!(claims.topics, vec!["agent.alpha"]);
21/// ```
22#[derive(Debug, Clone, Default, Serialize, Deserialize)]
23pub struct JwtClaims {
24 /// Allowed topics for bus stream filtering.
25 #[serde(default)]
26 pub topics: Vec<String>,
27 /// Optional user identifier.
28 #[serde(default, rename = "sub")]
29 pub subject: Option<String>,
30 /// Additional scopes from the JWT.
31 #[serde(default)]
32 pub scopes: Vec<String>,
33}